Abstract

System security is a key technology to the development and deployment of IT
applications and services in a growing global network. Security is critical at
various levels of the system. However, security solutions typically address a
very specific vulnerability with little relation to the larger picture of secure
information systems. Organisations have successfully implemented these
solutions without knowing if all security requirements have been met or
what impact these solutions have on other parts of the information system.
The focus of this paper will be to identify the various layers that exist in
large distributed systems, and to lay the groundwork for defining security
requirements for each layer allowing for a mapping of security implications that each
layer has on other layers. This will result in the design of a layered security
architecture which could assist organisations in mapping out all required or
successfully implemented security requirements at various levels of information
systems.